| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 26 Feb 2006 12:53:12 -0000 From: preben@...chcom.no To: bugtraq@...urityfocus.com Subject: Thomson SpeedTouch 500 modems vulnerable to XSS TITLE: Thomson SpeedTouch 500 series vulnerable to XSS CRITICAL: Less critical IMPACT: Cross Site Scripting SOFTWARE: SpeedTouch 5.3.2.6.0 DESCRIPTION: There consists a vulnerability in the SpeedTouch modems, which can be exploited by malicious people to conduct cross-site scripting attacks, and make a counseled user Input passed to the LocalNetwork page isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Such code can also be added through a proxy, because user validation is only done by JavaScript. If a user is made with injected scripting code this user will become un-delete able if the code is crafted correctly. PoC #1 - XSS http://[host]/cgi/b/intfs/_intf_/ov/?ce=1&be=0&l0=3&l1=1&name=[code here] PoC #2 - Stealthy user (through proxy) 0=10&1=usrAccApply&34=NewUser&36=1&33=test&31=[code here] SOLUTION: Check vendor's site for firmware upgrade. As of this writing, none is available PROVIDED AND DISCOVERED BY: Preben Nyløkken
Powered by blists - more mailing lists